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AMENDMENTS TO THE SPECIFICATION: 

Please replace the paragraph beginning on line 8, page 4 with the following amended 
paragraph: 

Creating and storing the privilege token may involve receiving a user name associated 
with the subscriber and mapping the user name to a distinguished name in the directory 
repository; creating and storing in the privilege token? one or more roles occupied by the 
subscriber based on role information that is stored in the directory repository. 

Please replace the paragraph beginning on line 12, page 4 with the following 
amended paragraph: 

A host object in the directory may uniquely identify the subscriber for the subscrib e r, 
and the host object may contain the privilege token corresponding to the subscriber. 

Please replace the paragraph beginning on line 1, page 5 with the following amended 
paragraph: 

In other aspects, the invention encompasses a computer apparatus ? and a computer 
readable medium, and a carrier wave configured to carry out the foregoing steps. 

Please replace the paragraph beginning on line 21 , page 1 1 with the following 
amended paragraph: 

The authentication server 446106 is used primarily for user authentication. When 
authentication server 444106 is a RADIUS server, selected RADIUS attributes may be 
defined in the AAA database and may be used by the service selection gateway. Service and 
user data is in directory server 1 18. In an embodiment, a schema is defined for storing the 
user and service data in an LDAP directory. An example schema is set forth herein in 
APPENDIX 1. 

Please replace the paragraph beginning on line A, page V3 with the following 
amended paragraph: 
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In one embodiment, the service selection gateway ("SSG") and service selection 
dashboard ("SSD") i nteract using RADIUS protocol commands. A set of commands is 
defined for the interaction between the SSG and SSD. In one specific embodiment, the 
commands include ACCOUNT LOG ON, ACCOUNT LOG OFF, SERVICE LOG ON, 
SERVICE LOG OFF, DEFAULT DNS SERVICE, SERVICE MESSAGE, ACCOUNT 
STATUS QUERY, SERVICE ACCESS ORDER, a command to set a Privilege token in the 
service selection gateway by associating it with a Host object, and a command to retrieve a 
Privilege token that is stored in a specified Host object. 

Please replace the paragraph beginning on line 8, page 16 with the following 
amended paragraph: 

In block 2-007, the auth e ntication authorization service returns the privilege token to 
the service selection dashboard. In one embodiment, the privilege token is provided in clear 
text and stored at the service selection gateway. Alternatively, the privilege token may be 
encrypted to prevent security attacks such as replay, forgery, etc. 
^ ^ ) 1 0 ^ Please replace the paragraph beginning on line yti 9 page 1 7 with the following 

amended paragraph: 

In block 2-01 1, "auto-logon" services are processed. In an embodiment, then service 
selection dashboard creates and stores a list of services that are marked as "Auto Logon." 
This information is available in the response that is sent from the directory-enabled service 
selection system to the service selection dashboard in the preceding step. 
^| Please replace the paragraph beginning on line^, page 28 with the following 

amended paragraph: 

Specifically, a "subscriber* * interface represents a subscriber. Any entity that can be a 
subscriber implements this interface. Examples include? user, organizational units, groups, 
etc. 
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